Security and Privacy

We have recently learned about how the NSA and GCHQ have been spying on their own people and on everyone else, and I think that may make one or two people just a bit queasy. So I want to explore a little of what we can do to preserve our privacy and secure our systems. But I need to make a disclaimer: I am not a security expert by any means. My role is more that of someone who can learn some simple things and pass them on in what I hope is an understandable manner. I do hope to give you some resources to guide you if you want to dive a little deeper into this. So with that disclaimer, let’s go.

Why Do We Need Privacy, And Isn’t It A Waste Of Time Anyway?

I think all of us may have had some hazy idea that “the government”, whoever that may be where you live, was investigating all manner of things. I happen to live in the United States of America, but I know our situation is not unique. If you think back a few years, the government of …

Encryption and E-mail

This is a series of tutorials on the subject of encryption and its use in e-mail communications.

Encryption Basics
Creating a Key Pair – Command Line
Creating a Key Pair – GUI Client
Encryption and E-mail with Thunderbird
Encryption and Gmail
Encrypting E-mail on Android; Importing Keys

Hashing, Passwords, and Certificates

This series explains the fundamentals of hashing and its application in passwords and certificates.

Hashing and Password Security
Passwords, Entropy, and Good Password Practices
Symmetric vs. Asymmetric Encryption
Digital Signatures and Certificates
TLS/SSL Certificate Issues and Solutions

TrueCrypt, Heartbleed, and Lessons Learned

In the last few weeks (as I write this in late April 2014) two events have combined to deliver a powerful lesson on the security of Open Source software. But it is important to know exactly what the right lesson is. I have seen reports that Heartbleed was a proof of something fundamentally wrong with …

Sensible Security: The Schneier Model

Back in 2001 there was a certain incident on September 11 that led many people to go “OMG! We are doomed! We must increase security! Do whatever it takes!” And the NSA was happy to oblige. And on 7/7/05 an attack in London added to the frenzy. I think it is fair to say that …

TrueCrypt and GnuPG: An Update

Previously we looked at the issues around TrueCrypt and Heartbleed, and noted that a fundamental problem was that technologies we rely on to be safe are often developed and maintained by volunteers or people on a shoestring budget. There is now more news worth looking at in this respect, so it is time for an …

LastPass Hacked: What Does This Mean?

On June 15, LastPass disclosed that it had been hacked, and I think by now just about everyone has heard about it. I know I received questions because I have recommended LastPass often, and my advice has been to stay with them. What I want to do now is explain exactly why this was not …

SSH and Tunneling

This series will look at how to create secure connections over the Internet using SSH and Tunneling.

SSH Introduction
SSH Basics

Security Best Practices from SOUPS

SOUPS is the Symposium On Usable Privacy and Security, which in conjunction with Usenix puts on an event each year where papers are presented. The 2015 event caught my eye because of a paper entitled “…no one can hack my mind”: Comparing Expert and Non-Expert Security Practices, by three researchers from Google: Iulia Ion, Rob …

NIST’s New Password Rules

We have looked at the guidelines for users in creating good passwords, but what are the best practices for the places that make you create those passwords? These would be places like Web sites, corporate networks, and so on. They create rules that are often difficult or annoying, such as “Every password must contain a …
